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METHOD FOR A-KEY EXCHANGE AND UPDATING 
CRITICAL CDMA PARAMETERS 

BACKGROUND 

[0001 ] ^his invention pertains generally to communication of systems 
5 and more particularly to IP Based Over-the-Air Device Management of 

mobile stations. 

> 

[0002] There are some critical parameters used in Code Division 
Multiple Access (CDMA) mobile stations (MS), which are essential for 
signaling and data communication. One such parameter is the 128-bit 

10 Authentication Key (A-Key) (64 bit in legacy MS). The A-key is different 

from other parameters. It is known only to the Authentication Center 
(AC) and the MS. While other parameters may be updated using 
normal request response (IS-683 or IP based) messages, parameters 
like A-Key require a secure method. IS-683 (IS-683-A and later 

15 revisions) defines the method for updating A-Key in IS-95/ cdma2000 

devices using signaling messages. But an IP based method for A-Key 
update is not defined. Purpose of embodiments of this invention is to 
describe an IP based method for A-Key update, as well as other critical 
parameters in cdma2000 mobile stations. 

20 [0003] The invention is related to the IP Based Over-the-Air Device 
Management (IOTA-DM) work item in the 3GPP2 TSG-S standard 
specification. 

[0004] In CDMA systems, a special parameter called Authentication 
Key (A-Key) is used for the generation of Shared Secret Data (SSD). 
25 The SSD is used for the encryption of data sent in the physical layer as 

well as layer 2 signaling. The A-Key is assigned to the MS in a secure 
way. A method for updating A-Key is described in IS-683. But this 
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procedure uses signaling messages for updating A-Key and hence 
limited to the specific implementation. 

[0005] There is significant interest in IP based methods for managing 
mobile stations over-the-air (OTA). Corresponding standards work is 
progressing in OMA and 3GPP2. Current versions of IP based 
protocols do not define a method for A-Key exchange. 
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SUMMARY 

[0006] A method according to an embodiment of this invention provides 
an IP based method for A-Key exchange, and updating other critical 
parameters in cdma2000 mobile stations and beyond. 

5 [0007] These and other features, aspects, and advantages of 
embodiments of the present invention will become apparent with 
reference to the following description in conjunction with the 
accompanying drawings. It is to be understood, however, that the 
drawings are designed solely for the purposes of illustration and not as a 
10 definition of the limits of the invention. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
[0008] Figure 1 is a session diagram illustrative of an embodiment of 
the invention wherein there is OTAF and IS-683 client in the mobile 
station. 

5 [0009] Figure 2 is a session diagram illustrative of an embodiment of 

the invention wherein the mobile station does not Support IS-683 Client. 
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DETAILED DESCRIPTION 

[0010] An embodiment of this invention provides a method for updating 
A-Key in CDMA mobile stations using the DM framework. The method 
5 can be used for the update of other critical parameters in the MS, which 

are not accessible using normal methods. A-Key is a critical parameter, 
which is known only to the Authentication Center (AC) and the mobile 
station. In CDMA mobile stations, the A-Key is updated using over-the- 
air (OTA) methods. 

10 [001 1] Figure 1 is a session diagram illustrative of an embodiment of 
the invention wherein there is OTAF and IS-683 client in the mobile 
station. Entities which may participate in various parts of session 100 
are A-Key IS-683 Client 110, Mobile Station Management Tree 120, 
Mobile Station Device Management Client 130, Over The Air Device 

15 Management Server 140, Over The Air Function (OTAF) Server 1 50. 

The method comprises the following when there is OTAF and IS683 
client in the mobile station. 

1001 . The IS-683 Server in the network initiates the A-Key update 
procedure by issuing a "Key Request Message" as described in IS- 

20 683. 

1002. The OTA-DM Server intercepts the message and buffers it. The 
Server then sends a notification to the MS DM client. This message 
is package #0 in the DM protocol, which acts as a trigger. This trigger 
can carry the identification "A-KET GEN", by which the MS DM Client 

25 identifies it as a trigger to begin the updating of A-Key. 

1003. The MS DM Client responds with "MS Capability Message". This 
is a standard package #1 message in the DM protocol, but for the 
specific purpose of A-Key update, this message will carry new 
parameters to identify the capabilities of the MS. The parameter 



5 



Attorney Docket No. NCP1 771 3 

would include if the MS supports scenario 2.1 or 2.2 described in this 
document. 

1004. After receiving the a MS Capability Message", the I OTA- DM . 
server knows which scenario to be followed, i.e. whether the 
subsequent messaging is for scenario 2.1 or scenario 2.2 described 
in this document. If it is scenario 2.1 , the IOTA-DM Server creates a 
new message "IOTA-DM Key Request Message by encapsulating 
the "Key Request message" originated from the IS-683 server as well 
as additional commands. One additional command is the 
standard "Exec" command in the DM protocol. But here the "Exec" 
command is executed on a special node in the MS Management 
Tree. This node corresponds to the A-Key in the MS. Since A-Key js 
stored only in the MS permanent storage or in the R-UIM/UICC, this 
node in the management tree is a dummy node, which does not 
store the value of A-Key, but points to process which the "Exec" 
command should execute upon receiving the "IOTA-DM Key 
Generation Request Message". In scenario 2.1, this process is the 
IS-683 client running in the MS. The "Key Request Message" 
received at the IOTA-DM Client can be stored in a temporary leaf 
node of the A-Key node, from where the invoked IS-683 client can 
access it. 

1005. On receiving the "IOTA-DM Key Request Message" the MS DM 
Client executes the commands specified in the message. This 
involves executing the "Exec" command on the A-Key node in the 
Management Tree, which results in passing the encapsulated "Key 
Generation Request Message" to the IS-683 Client. 

1006. The IS-683 Client calculates the MS_RESULT parameter based 
on the input parameters in the encapsulated message. The 
algorithm described in section 5.1 of C.S0016 Over-the-Air Service 
Provisioning of Mobile Stations in Spread Spectrum Systems, 
3GPP2, March 2003 is followed for calculating MS_RESULT. 
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1 007. The IS-683 Client sends the "Key Response Message" which 
includes the status of the MS_RESULT calculation. If an error 
occurred, the error code is sent in the response as described in 
C.S0016 Over-the-Air Service Provisioning of Mobile Stations in 
Spread Spectrum Systems, 3GPP2, March 2003. 

1008. The "Key Response Message" is intercepted by the IOTA-DM 
Client and encapsulated in a DM protocol message called "IOTA-DM 
Key Gen. Response" Message. One way is to store the "Key 
Response Message" in a temporary leaf node associated with the A- 
Key node in the management tree from where the IOTA-DM client 
can access it for encapsulation. 

1009. The IOTA-DM Client sends the encapsulated "IOTA-DM Key 
Response Message" to the IOTA-DM Server. 

1010. The IOTA-DM server forwards the encapsulated message to the 
IS-683 Server. 

1011. The IS-683 Server calculates the BS_RESULT following the 
algorithm in section 5.2 of C.S001 6 Over-the-Air Service Provisioning 
of Mobile Stations in Spread Spectrum Systems, 3GPP2, March 
2003 and sends it to the MS in the "Key Generation Request 
message". 

1012. The IOTA-DM Server encapsulates the "Key Generation 
Request Message" in a DM Protocol message and sends it to the MS 
IOTA-DM Client in the "IOTA-DM Key Generation Request". This 
message also carries the "Exec" command to invoke the IS-683 
client. 

1013. Executing the "Exec" command results in invoking the MS IS- 
683 client process. 

1 01 4. The IS-683 client calculates the A-Key from the BS_RESULT. 
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1015. The IS-683 Client now sends the MS_RESULT calculated in 
step 6 in the "Key Generation Response Message. The message is 
encapsulated in the IOTA-DM message. This can be achieved by the 
IS-683 client first storing the message in a temporary leaf node of the 
A-Key node and then the IOTA-DM client accessing it. 

101 6. The IOTA-DM server forwards the MS_RESULT to the IS-683 
Server. 

1 01 7. The IS-683 server computes the A-Key and issues a commit 

* 

message. 

1018. The IOTA-DM server directs the commit message to the MS 
IOTA-DM client. 

101 9. The MS IOTA-DM client forwards this message to the IS-683 
client. On receiving the commit the IS-683 Client stores the A-Key in 
a permanent memory. 

1020. The IS-683 client now sends a "Commit response". 

1021 . The commit response is encapsulated in the "IOTA-DM Commit 
Response". 

1022. The IOTA-DM server forwards the encapsulated message to the 
IS-683 server. 

[0012] The IS-683 server can now update the A-Key in the AC. 

[0013] Figure 2 is a session diagram illustrative of an embodiment of 
the invention wherein the mobile station does not Support IS-683 Client. 
Entities that may participate in various parts of session 200 are A-Key 
Client 210, Mobile Station Management Tree 220, Mobile Station IP 
Based Over-the-Air Device Management Client 230, IP Based Over-the- 
Air Device Management Server 240, and Authentication. The method 
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comprises the following when there the mobile station does not support 
IS-683 client. 

2001 . The Authentication Center (AC) initiates a trigger to update the 
A-Key in the MS. 

2002. The IOTA-DM server begins a notification-initiated session by 
sending a notification message with data "A-KEY GEN". 

2003. The IOTA-DM client responds with package #1 carrying the MS 
capability information. This enables the DM Server to tailor the 
contents according to the capabilities of the device. Step 4. onwards 
assume that the device is SyncML DM capable. 

2004. The IOTA-DM server creates Key Request message and sends 
it to the MS Client in DM Protocol [2] message. The message 
includes the input parameters mentioned in section 5.1.2 of C.S0016 
Over-the-Air Service Provisioning of Mobile Stations in Spread 
Spectrum Systems, 3GPP2, March 2003. 

2005. The IOTA-DM client executes the Exec command in the 
message. The Exec command carries information about the process 
to be invoked for calculating A-Key. The process can be integrated 
to the IOTA-DM client, in which case a separate A-Key Client is not 
required. The parameters from the message received in step 4 is 
provided as input parameters to the A-Key client. 

2006. The A-key client computes the MS_RESULT parameter. 

2007. The result code is send in the Key Response message. 

2008. The IOTA-DM Server computes the BS_RESULT (See 
procedures in 5.2.1 of C.S0016 Over-the-Air Service Provisioning of 
Mobile Stations in Spread Spectrum Systems, 3GPP2, March 2003), 
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2009. The IOTA-DM Server sends the BS_RESULT to the MS client in 
a "Key Generation Request Message". 

2010. The IOTA-DM client passes the parameters to the A-Key Client. 

201 1 . The A-Key client computes the A-KEY following the algorithm 
described in section 5.1 of C.S0016 Over-the-Air Service 
Provisioning of Mobile Stations in Spread Spectrum Systems, 
3GPP2, March 2003, based on input parameters in step 4 and the ^ 
BS_RESULT from step 9. The value can be stored in a temporary 
location in the management tree. 

2012. The IOTA-DM Client sends the "Key Generation Response 
Message". MS_RESULT computed in step 6 is send in this 
message to the IOTA-DM Server. 

201 3. The IOTA-DM Server computes the A-Key based on 
MS_RESULT, following the algorithm in section 5.2 of C.S0016 
Over-the-Air Service Provisioning of Mobile Stations in Spread 
Spectrum Systems, 3GPP2, March 2003. 

2014. The DM Server sends a "Commit Message" to the IOTA-DM 
Client. 

2015. On receipt of the commit request, the IOTA-DM client invokes 
the A-Key client to store the A-Key stored in temporary node of the 
management tree to the permanent memory A-KEYp and removes 
the A-Key from temporary storage. 

201 6. The IOTA-DM client sends the status of in the commit response 
message. 

2017. The IOTA-DM server updates the A-Key to the Authentication 
Center (AC). 
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[0014] Although described in the context of particular embodiments, it 
will be apparent to those skilled in the art that a number of modifications 
and various changes to these teachings may occur. Thus, while the 
invention has been particularly shown and described with respect to one 
or more preferred embodiments thereof, it will be understood by those 
skilled in the art that certain modifications or changes, in form and 
shape, may be made therein without departing from the scope and spirit 
of the invention as set forth above. 
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ABSTRACT 

[0015] A method according to an embodiment of this invention provides 
an IP based method for A-Key exchange, and updating other critical 
parameters in cdma2000 mobile stations and beyond. 
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